From 345ee6fdadae636ce50f4876a47129596d6c0d94 Mon Sep 17 00:00:00 2001 From: David P Date: Thu, 20 Aug 2020 13:58:22 -0400 Subject: updpkg: nonsystemd/pambase 20200721.1-2.nonsystemd1 Signed-off-by: David P --- nonsystemd/pambase/system-auth | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'nonsystemd/pambase/system-auth') diff --git a/nonsystemd/pambase/system-auth b/nonsystemd/pambase/system-auth index 264504360..9b2da4567 100644 --- a/nonsystemd/pambase/system-auth +++ b/nonsystemd/pambase/system-auth @@ -1,16 +1,23 @@ #%PAM-1.0 -auth required pam_unix.so try_first_pass nullok -auth optional pam_permit.so -auth required pam_env.so +auth required pam_faillock.so preauth +# Optionally use requisite above if you do not want to prompt for the password +# on locked accounts. +auth [success=1 default=ignore] pam_unix.so try_first_pass nullok +auth [default=die] pam_faillock.so authfail +auth optional pam_permit.so +auth required pam_env.so +auth required pam_faillock.so authsucc +# If you drop the above call to pam_faillock.so the lock will be done also +# on non-consecutive authentication failures. -account required pam_unix.so -account optional pam_permit.so -account required pam_time.so +account required pam_unix.so +account optional pam_permit.so +account required pam_time.so -password required pam_unix.so try_first_pass nullok sha512 shadow -password optional pam_permit.so +password required pam_unix.so try_first_pass nullok shadow +password optional pam_permit.so -session required pam_limits.so -session required pam_unix.so -session optional pam_permit.so +session required pam_limits.so +session required pam_unix.so +session optional pam_permit.so -- cgit v1.2.3